Vulnerability Description
HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Humhub | Humhub | < 1.9.3 |
Related Weaknesses (CWE)
References
- https://github.com/humhub/humhub/pull/5473 (Patch, Third Party Advisory)
- https://github.com/humhub/humhub/releases/tag/v1.10.3 (Release Notes, Third Party Advisory)
- https://github.com/humhub/humhub/releases/tag/v1.9.3 (Release Notes, Third Party Advisory)
- https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74 (Exploit, Third Party Advisory)
- https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/ (Exploit, Issue Tracking, Patch)
FAQ
What is CVE-2021-43847?
CVE-2021-43847 is a vulnerability with a CVSS score of 6.5 (MEDIUM). HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Version...
How severe is CVE-2021-43847?
CVE-2021-43847 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-43847?
Check the references section above for vendor advisories and patch information. Affected products include: Humhub Humhub.